Total TLS
Total TLS allows Cloudflare to issue individual certificates for your proxied hostnames. These certificates will protect proxied hostnames not covered by Universal certificates.
When issued, these certificates will have a type of Advanced - Total TLS, and their default validity period is 90 days.
Reference
Section titled “Reference”Availability
Section titled “Availability”Total TLS is available for domains that have purchased Advanced Certificate Manager and are currently using a full DNS setup.
Limitations
Section titled “Limitations”Hostnames used with other Cloudflare products
Section titled “Hostnames used with other Cloudflare products”Total TLS does not issue certificates for any hostnames used with:
You can use other types of certificates or manually order advanced certificates for these hostnames.
Deleting certificates
Section titled “Deleting certificates”Once you enable Total TLS, be careful deleting any Total TLS certificates associated with proxied hostnames.
If you do, our system assumes you want to opt that hostname out of Total TLS certificate and will not order new certificates for the hostname in the future. This behavior applies even if you delete and re-create the hostname's DNS record.
Was this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark